leak check closure to fnptr non-lub-coercions too

BoxyUwU · BoxyUwU · commit 1255ae4f7ec3 · 2025-10-29T17:53:49.000Z
diff --git a/compiler/rustc_hir_typeck/src/coercion.rs b/compiler/rustc_hir_typeck/src/coercion.rs
@@ -123,7 +123,9 @@ impl<'f, 'tcx> Coerce<'f, 'tcx> {
 
     fn unify_raw(&self, a: Ty<'tcx>, b: Ty<'tcx>) -> InferResult<'tcx, Ty<'tcx>> {
         debug!("unify(a: {:?}, b: {:?}, use_lub: {})", a, b, self.use_lub);
-        self.commit_if_ok(|_| {
+        self.commit_if_ok(|snapshot| {
+            let outer_universe = self.infcx.universe();
+
             let at = self.at(&self.cause, self.fcx.param_env);
 
             let res = if self.use_lub {
@@ -136,7 +138,7 @@ impl<'f, 'tcx> Coerce<'f, 'tcx> {
             // In the new solver, lazy norm may allow us to shallowly equate
             // more types, but we emit possibly impossible-to-satisfy obligations.
             // Filter these cases out to make sure our coercion is more accurate.
-            match res {
+            let res = match res {
                 Ok(InferOk { value, obligations }) if self.next_trait_solver() => {
                     let ocx = ObligationCtxt::new(self);
                     ocx.register_obligations(obligations);
@@ -147,7 +149,27 @@ impl<'f, 'tcx> Coerce<'f, 'tcx> {
                     }
                 }
                 res => res,
-            }
+            };
+
+            // We leak check here mostly because lub operations are
+            // kind of scuffed around binders. Instead of computing an actual
+            // lub'd binder we instead:
+            // - Equate the binders
+            // - Return the lhs of the lub operation
+            //
+            // In order to actually ensure that equating the binders *does*
+            // result in equal binders, and that the lhs is actually a supertype
+            // of the rhs, we must perform a leak check here.
+            //
+            // Leak checking even when `use_lub` is false causes us to emit some
+            // errors in dead code where borrowck would otherwise not catch the
+            // subtyping errors. This is not soundness critical.
+            //
+            // FIXME: Ideally the actual `eq/sub/lub` would handle leak checks
+            // themselves whenever a binder is entered.
+            self.leak_check(outer_universe, Some(snapshot))?;
+
+            res
         })
     }
 
@@ -751,40 +773,26 @@ impl<'f, 'tcx> Coerce<'f, 'tcx> {
         b: ty::PolyFnSig<'tcx>,
         adjustment: Option<Adjust>,
     ) -> CoerceResult<'tcx> {
-        self.commit_if_ok(|snapshot| {
-            let outer_universe = self.infcx.universe();
-
-            let a_ty = Ty::new_fn_ptr(self.tcx, a);
-            let b_ty = Ty::new_fn_ptr(self.tcx, b);
+        let a_ty = Ty::new_fn_ptr(self.tcx, a);
+        let b_ty = Ty::new_fn_ptr(self.tcx, b);
 
-            // Handle coercing `fn(..)` to `unsafe fn(..)`
-            let result = if a.safety().is_safe() && b.safety().is_unsafe() {
-                let unsafe_a_ty = self.tcx.safe_to_unsafe_fn_ty(a);
-                let adjustment = adjustment.map(|kind| Adjustment { kind, target: a_ty });
+        // Handle coercing `fn(..)` to `unsafe fn(..)`
+        if a.safety().is_safe() && b.safety().is_unsafe() {
+            let unsafe_a_ty = self.tcx.safe_to_unsafe_fn_ty(a);
+            let adjustment = adjustment.map(|kind| Adjustment { kind, target: a_ty });
 
-                self.unify_and(
-                    unsafe_a_ty,
-                    b_ty,
-                    adjustment,
-                    Adjust::Pointer(PointerCoercion::UnsafeFnPointer),
-                )
-            } else {
-                match adjustment {
-                    Some(adjust) => self.unify_and(a_ty, b_ty, [], adjust),
-                    None => self.unify(a_ty, b_ty),
-                }
-            };
-
-            // FIXME(#73154): This is a hack. Currently LUB can generate
-            // unsolvable constraints. Additionally, it returns `a`
-            // unconditionally, even when the "LUB" is `b`. In the future, we
-            // want the coerced type to be the actual supertype of these two,
-            // but for now, we want to just error to ensure we don't lock
-            // ourselves into a specific behavior with NLL.
-            self.leak_check(outer_universe, Some(snapshot))?;
-
-            result
-        })
+            self.unify_and(
+                unsafe_a_ty,
+                b_ty,
+                adjustment,
+                Adjust::Pointer(PointerCoercion::UnsafeFnPointer),
+            )
+        } else {
+            match adjustment {
+                Some(adjust) => self.unify_and(a_ty, b_ty, [], adjust),
+                None => self.unify(a_ty, b_ty),
+            }
+        }
     }
 
     fn coerce_from_fn_pointer(
diff --git a/tests/ui/coercion/leak_check_single_to_fnptr.deadcode.stderr b/tests/ui/coercion/leak_check_single_to_fnptr.deadcode.stderr
@@ -0,0 +1,40 @@
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:25:39
+   |
+LL |     let _target: for<'a> fn(&'a ()) = a_fndef;
+   |                  ------------------   ^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+                 found fn item `fn(&'static ()) {static_fndef}`
+
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:28:39
+   |
+LL |     let _target: for<'a> fn(&'a ()) = a_fnptr;
+   |                  ------------------   ^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+              found fn pointer `fn(&())`
+
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:31:39
+   |
+LL |     let a_closure = |_: &'static ()| {};
+   |                     ---------------- the found closure
+...
+LL |     let _target: for<'a> fn(&'a ()) = a_closure;
+   |                  ------------------   ^^^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+                 found closure `{closure@$DIR/leak_check_single_to_fnptr.rs:21:21: 21:37}`
+   = note: closure has signature: `fn(&'static ())`
+
+error: aborting due to 3 previous errors
+
+For more information about this error, try `rustc --explain E0308`.
diff --git a/tests/ui/coercion/leak_check_single_to_fnptr.livecode.stderr b/tests/ui/coercion/leak_check_single_to_fnptr.livecode.stderr
@@ -0,0 +1,40 @@
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:25:39
+   |
+LL |     let _target: for<'a> fn(&'a ()) = a_fndef;
+   |                  ------------------   ^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+                 found fn item `fn(&'static ()) {static_fndef}`
+
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:28:39
+   |
+LL |     let _target: for<'a> fn(&'a ()) = a_fnptr;
+   |                  ------------------   ^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+              found fn pointer `fn(&())`
+
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:31:39
+   |
+LL |     let a_closure = |_: &'static ()| {};
+   |                     ---------------- the found closure
+...
+LL |     let _target: for<'a> fn(&'a ()) = a_closure;
+   |                  ------------------   ^^^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+                 found closure `{closure@$DIR/leak_check_single_to_fnptr.rs:21:21: 21:37}`
+   = note: closure has signature: `fn(&'static ())`
+
+error: aborting due to 3 previous errors
+
+For more information about this error, try `rustc --explain E0308`.
diff --git a/tests/ui/coercion/leak_check_single_to_fnptr.rs b/tests/ui/coercion/leak_check_single_to_fnptr.rs
@@ -0,0 +1,36 @@
+//@ revisions: livecode deadcode
+
+// When coercing to a fnptr check that we leak check when relating
+// the signatures. Previously we only leak checked for fnptr/fndef
+// to fnptr coercions, but not closure to fnptr coercions. This
+// resulted in closure to fnptr coercions not erroring in dead code
+// when equivalent code with fndefs/fnptrs would error.
+//
+// Outside of dead code all cases wind up erroring in borrowck so this
+// is not a soundness concern.
+
+fn mk<T>() -> T {
+    loop {}
+}
+
+fn static_fndef(_: &'static ()) {}
+
+fn one_way_coerce() {
+    let a_fndef = static_fndef;
+    let a_fnptr = mk::<fn(&'static ())>();
+    let a_closure = |_: &'static ()| {};
+
+    #[cfg(deadcode)]
+    loop {}
+    let _target: for<'a> fn(&'a ()) = a_fndef;
+    //[livecode]~^ ERROR: mismatched types
+    //[deadcode]~^^ ERROR: mismatched types
+    let _target: for<'a> fn(&'a ()) = a_fnptr;
+    //[livecode]~^ ERROR: mismatched types
+    //[deadcode]~^^ ERROR: mismatched types
+    let _target: for<'a> fn(&'a ()) = a_closure;
+    //[livecode]~^ ERROR: mismatched types
+    //[deadcode]~^^ ERROR: mismatched types
+}
+
+fn main() {}
